fix(ci): prevent duplicate pr-audit triggers on multi-label events#2859
Merged
legion2002 merged 2 commits intomainfrom Feb 25, 2026
Merged
fix(ci): prevent duplicate pr-audit triggers on multi-label events#2859legion2002 merged 2 commits intomainfrom
legion2002 merged 2 commits intomainfrom
Conversation
When multiple labels are added simultaneously, GitHub fires a separate labeled event per label. The old condition checked if the PR *has* the agentic-audit label, which is true for all events. This caused N audit runs for N labels added at once (e.g., 3 comments on PR #2857). Fix: check github.event.label.name instead of scanning all labels.
Draft PRs with the agentic-audit label should still trigger the audit. The draft check was blocking early security feedback.
kamsz
approved these changes
Feb 25, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When multiple labels are added to a PR simultaneously (e.g.,
C-enhancement,A-precompile,agentic-audit), GitHub fires a separatelabeledevent for each label. The oldifcondition checked whether the PR has theagentic-auditlabel:Since all three events see the PR already has the label, all three pass the condition and trigger an audit. This is what happened on PR #2857 — 3 Ralph comments were posted.
Fix
Check
github.event.label.name(the label from the current event) instead:Only the event where
agentic-auditis the label being added will trigger the audit.